Amazon’s cloud-based solution focuses on simplicity by storing data in “buckets”. These “buckets” are the main storage unit of the Amazon Simple Storage Service (S3). Buckets are secured by default, but users can choose to edit storage settings. This is where many organizations are encountering issues: it’s easy for inexperienced users to set up storage and, consequently, there is a real risk that storage will be set up in an unprotected manner. Data breaches can result when stored objects are opened to the world.
To help monitor open containers, Amazon announced that their S3 Bucket Permissions check, previously available only to Business and Enterprise support customers, is now free. The check “identifies S3 buckets that are publicly accessible due to ACLs or policies that allow read/write access for any user”.
The feature examines bucket access control lists (ACLs) and bucket policies (not object ACLs) to determine if an S3 bucket provides public read or write access. Buckets are then labelled to reflect their access type. This allows organizations to identify public buckets and verify they do, in fact, want to expose this data outside the organization.
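To make the idea concrete, the following added example (not Amazon's code and not the Trusted Advisor logic) labels a bucket from its ACL grants and its policy document in a simplified way. It assumes input shaped like the `Grants` list and `Policy` string returned by the S3 GetBucketAcl and GetBucketPolicy APIs; the function names and the sample data are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# Predefined S3 groups that mean "anyone" / "any AWS account holder".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
ACL_ACCESS = {"READ": {"read"}, "WRITE": {"write"}, "FULL_CONTROL": {"read", "write"}}
# Representative actions used to decide what a (possibly wildcarded) Action grants.
PROBES = {"read": ("s3:getobject", "s3:listbucket"),
          "write": ("s3:putobject", "s3:deleteobject")}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_public_principal(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def public_access(acl_grants, policy_json=None):
    """Return the set of access types ('read', 'write') open to the public."""
    access = set()
    for grant in acl_grants:
        if grant.get("Grantee", {}).get("URI") in PUBLIC_GROUPS:
            access |= ACL_ACCESS.get(grant.get("Permission"), set())
    policy = json.loads(policy_json) if policy_json else {}
    for stmt in _as_list(policy.get("Statement", [])):
        # Conditions are ignored, so a conditioned Allow is still flagged for review.
        if stmt.get("Effect") != "Allow" or not _is_public_principal(stmt.get("Principal")):
            continue
        for pattern in _as_list(stmt.get("Action", [])):
            for kind, probes in PROBES.items():
                if any(fnmatchcase(p, pattern.lower()) for p in probes):
                    access.add(kind)
    return access

def label(access):
    return "public " + "/".join(sorted(access)) if access else "not public"

# Constructed sample input: a public-read ACL grant plus a public-write policy.
SAMPLE_ACL = [{"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:Put*",
     "Resource": "arn:aws:s3:::example-bucket/*"}]})

if __name__ == "__main__":
    print(label(public_access(SAMPLE_ACL, SAMPLE_POLICY)))
```

Like the check described above, this sketch looks only at the bucket ACL and bucket policy, so an individual object made public through its own ACL would not be reported.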
Additional Resources to Ensure Safe Cloud Storage
Visit the AWS Trusted Advisor resource page for best practices on security, fault tolerance, and more. Amazon offers other free security tools in addition to the Bucket Permissions check.
Amazon also provides a detailed response to the question: How can I help ensure the files in my Amazon S3 bucket are secure?
For more recommendations and advice on how to protect your cloud data, read our blog post Amazon S3 Buckets: Unsecured Exposure of Cloud Data.